b'U.S . GOVERNMENT\nPRrNTIN(~  ()H I CE                                                     Robert C. Ta pella\nK\xc2\xa3\xc2\xa3I\'lNG AMfJUCJ\\ J NJ\'OIlMEO                                                   Public Pfir1:ter\n\n\n\n\nNovember 30, 2009\n\nThe Honorable Charles E. Schumer\nChairman\nJoint Committee on Printing\n318 Russell Senate Office Building\nWashington, DC 20510\n\nDear Mr. Chairman:\n\nIn accordance with 44 U.S.C. 3903 and the relevant provisions of the Inspector\nGeneral Act of 1978, as amended, I am transmitting to Congress the Semiannual\nReport of the Office ofthe Inspector General (OIG) for the U.S. Government\nPrinting Office (GPO), covering the 6 month period of April 1 through September\n30,2009, along with the following information as required by law. This letter\nmeets my statutory obligation to provide comments on the OIG\'s report and\nhighlights management actions taken on the OIG\'s recommendations, which may\nrelate to more than one reporting period.\n\nGeneral Comments\n\nAs provided for by law, this section offers my general comments on the OIG \'s\nsemiannual report and operations.\n\nI.        Management Challenges. In my view, the organizational and\n          technological transformation that GPO began implementing in 2003\n          remains critical to the future of GPO. To carry out that transformation\n          successfully, in this and previous reports the OIG has identified several\n          challenges facing GPO \'s management that we are various stages of\n          addressing.\n\n          I. Sustainable Environmental Stewardship: Management has articulated\n             a vision for sustainable environmental stewardship. This vision\n             supplements longstanding environmental practices at GPO, including\n             the use of printing papers that meet the requirements for recycled\n             content contained in the Resource Conservation and Recovery Act of\n             1989, as amended, and corresponding Executive Orders; the use of\n             printing inks that comply with the requirements of the Vegetable Ink\n             Printing Act of 1994; and working with the Environmental Protection\n             Agency (EPA) and the District of Columbia to meet the standards for\n             emissions of volatile organic compounds (VOC \' s) established by the\n             Clean Air Act\n\n\n731 Nort~ c\'P;!o] SI\'\'\'\'\'I, NW   WMhirlgton, DC 20401   202\xc2\xb7512\xc2\xb71 000       ttopell<l@gpo.go\\\'\n\x0cThe Honorable Charles E. Schumer - Page 2\n\n\n          Sustainable environmental stewardship continues to be integrated into every\n          aspect of GPO\'s management of its facility, manufacturing processes,\n          acquisitions, and vision for a new platinum LEED-certified building. Over\n          the past year, GPO has realized many of its environmental goals including the\n          use of more environmentally friendly paper, enhancing the efficiency of our\n          fleet operation, installation of a highly reflective roofing system, reduction of\n          both solid and hazardous waste, and a reduction in our VOC\'s.\n\n          GPO is now printing the Congressional Record and the Federal Register on\n          100% recycled newsprint. This transition helps the legislative branch reduce\n          its overall environmental impact.\n\n          GPO has directly benefited from funding provided to the General Services\n          Administration in the American Recovery and Reinvestment Act to upgrade\n          its delivery fleet with more fuel-efficient and environmentally-friendly\n          vehicles. GPO received 21 such vehicles including 18 alternative flex fuel\n          (E85) vehicles and two new hybrid vehicles. Many of these new vehicles will\n          aid in the delivery of printed materials to Congress, the White House, and\n          Federal agencies.\n\n          Currently, GPO is installing roughly 92,700 square feet of a new roofing\n          system. The new roofing system includes several bio-based layers and\n          includes a highly reflecti ve coating that will extend the life expectancy ofthe\n          roof. The reflective roof membrane is on the Agriculture Department\'s bio-\n          based product list, is Energy Star-rated, and is rated by the Cool Roof Rating\n          Council. In addition, this new roofing system qualifies for several LEED\n          points. The roof coating not only reduces cooling demands inside the building\n          but improves the life expectancy and efficiency of rooftop equipment.\n\n          Over the past several months, GPO has established a voluntary partnership\n          with EPA\'s WasteWise program to monitor waste reduction and prevention\n          activities. These efforts successfully diverted over 64% (8,415,900 lbs.) of\n          GPO\'s total waste stream to new and existing recycling streams in 2008.\n           Based on Waste Wise\'s calculations, these actions resulted in the reduction of\n          over 15 billion tons of green house gas emissions.\n\n          Another initiative at GPO is to reduce VOC emissions. Throughout the past\n          six months, we have been testing new fountain solution concentrates that\n          contain no or low VOC\'s. To date, we are now using a fountain solution\n          concentrate on six of our web presses with no VOC\'s and it is more affordable\n          and requires less concentrate that our previous solution.\n\x0cThe Honorable Charles E. Schumer - Page 3\n\n\n          Finally, in preparation to meet the printing demands of the 21 st century, GPO\n          is analyzing the vendor responses received from the Advanced Printing\n          Technology Assessment Request for Proposal conducted over the past several\n          months. This allowed GPO to open a dialog with industry equipment\n          manufacturers to learn more about our production needs and offer solutions\n          that both meet our production requirements and have minimal impacts on the\n          environment.\n\n      2. Management ofHuman Capital: GPO has made strides in establishing and\n         maintaining a diverse workforce. GPO will continue in its efforts to recruit at\n         universities and organizations with a diverse population. One achievement is\n         the Strategic Initiative Alliance, which was recently formed with California\n         State University, Los Angeles, an Hispanic-Serving Institution.\n\n          To address the training aspect of diversity, GPO\'s Equal Employment\n          Opportunity (EEO) and Workforce Development offices worked jointly with a\n          training vendor to develop a program entitled "EEO and Discriminatory\n          Harassment," which is mandatory for all supervisors and managers. In\n          response to the need for more comprehensive diversity training for managers\n          and employees, several meetings have been held with qualified vendors who\n          can develop a diversity training curriculum for all employees.\n\n          The EEO office is preparing to comply with a House Appropriations\n          Committee directive to submit quarterly reports on the progress being made in\n          reducing the number ofEEO complaints at GPO.\n\n         GPO\'s Human Capital (HC) office has completed its work to address each of\n         the actions and recommendations required by the Office of Personnel\n         Management (OPM) throughout FY 09. To begin, GPO has finalized its long-\n         term strategic goals and objectives with the issuance of its FY 2008 Strategic\n         Results document.\n\n         HC has conducted a workforce analysis and identified its mission-critical\n         occupations and competencies. Further discussion with GPO managers\n         regarding positions identified is planned for FY 10. HC also completed\n         development of a database of all grade 15 and Senior Level Service positions\n         in the agency, including current position descriptions and information\n         regarding retirement eligibility for succession planning purposes. HC\'s\n         Workforce Development, Education, and Training (WDET) office developed\n         an agency-wide competency model with definitions of the competencies. In\n         addition, to further strengthen our ability to perform workforce analysis and\n         planning a review ofHC\'s structure and resource allocation is being\n         conducted.\n\x0cThe Honorable Charles E. Schumer - Page 4\n\n\n          Recognizing the need to improve its data infrastructure, maximize strategic\n          partnerships, and to further HC planning and workforce analysis, HC took\n          several important steps towards improvement in FY 09. These efforts began\n          with the implementation of several new automated systems. The National\n          Finance Center\'s (NFC\'s) EmpowHR program was implemented to automate\n          personnel action processing and allow for increased tracking of actions. USA\n          Staffing was implemented to automate the hiring process. In addition, HC\n          succeeded in converting all official personnel files to a secure digital format,\n          e-OPF, which is accessible to all employees. Finally, HC provided support\n          for the implementation ofWebTA, which automated the agency\'s time and\n          attendance processing.\n\n          WDET conducted an agency-wide Training Needs Assessment Survey open\n          to all employees from October 21 through November 11,2009. WDET also\n          created a process to address training evaluations and measurement for GPO\'s\n          supervisor training series. A baseline of information to be measured when\n          evaluating courses was created and an evaluation strategy is currently being\n          implemented.\n\n          HC acknowledges the OIG\'s concerns regarding our on-boarding process. To\n          that end, a comprehensive review and analysis of all HC transaction\n          processing and on-boarding activities under our control is currently being\n          conducted.\n\n      3. Improved Financial Management: The OIG continues to oversee the\n         activities of KPMG, the independent public accountant conducting the annual\n         financial statement audit. During this period, KPMG commenced work on the\n         audit of GPO\'s FY 09 consolidated financial statements. As part of this audit,\n         KPMG will assess the corrective actions planned or taken by GPO to address\n         the deficiencies identified during last year\'s audit.\n\n          Management successfully implemented an integrated system of Oracle\n          enterprise software and applications known as the GPO Business Information\n          System (GBIS) on May 1, 2009, instead ofthe originally planned date of\n          October 1, 2008. The delay was necessary to ensure that proper training,\n          development, and testing were performed. The GBIS team also identified\n          several new items required for proper functionality that needed to be\n          developed and tested prior to going live. It is not anticipated that this delay\n          will have a material affect on the financial statement audit. The KPMG audit\n          team was able to conclude fieldwork on GPO\'s legacy systems in the interim,\n          and should be able to complete the audit work covering May 1 through\n          September 30, 2009, within the new Oracle system. Management is\n          developing new written procedures and updating some existing procedures in\n\x0cThe Honorable Charles E. Schumer - Page 5\n\n\n          response to KPMG\'s FY 08 audit findings. The implementation ofGBIS\n          helped alleviate issues that KPMG identified concerning GPO\'s reconciliation\n          of subsidiary and general ledger accounts using legacy systems.\n\n          Management and KPMG disagreed over the estimated GPO liability for\n          passport warranty cost for FY 08. KPMG said there should be no liability\n          while management believed some exposure existed and maintained that a\n          reserve against the exposure was proper and necessary. During FY 09, GPO\n          did not experience any passport warranty claims and also reached agreement\n          with the State Department on an updated Memorandum of Understanding\n          regarding the production of passports including warranty claim computation\n          and treatment. As a result, management now concurs with the KPMG\n          recommendation regarding the review and reporting of the passport product\n          warranty liability and has accordingly reversed the $1.4 million accrual for\n          product warranty liability.\n\n      4. Continuity a/Operations: Development of GPO\'s continuity of operations\n          (COOP) capabilities continues as a top management priority.\n\n         A previous OIG review contained several recommendations designed to\n         improve GPO\'s overall COOP posture, including a recommendation that GPO\n         adopt the planning requirements and critical elements identified in Federal\n         Preparedness Circular 65, "Federal Executive Branch Continuity of\n         Operations" (since then, Federal Continuity Directive I, February 2008, has\n         superseded FPC-65, and is now used as the guidance for GPO\' s COOP\n         activities). GPO continues to review and update its comprehensive COOP\n         plan based on the Federal Emergency Management Agency template of key\n         COOP components. The plan discusses issues such as essential functions,\n         interoperable communications, and delegations of authority as well as testing,\n         training, and exercises. In response to the possible HINI flu pandemic, GPO\n         developed a Pandemic Flu Plan Annex, which detailed pre-defined .actions for\n         specific situations.\n\n         GPO continues to take the necessary steps for enhancing its COOP posture,\n         including planning and conducting exercises with scenarios that test alternate\n         production facilities and procedures for notifying essential personnel. GPO\'s\n         business continuity team has also continued to work directly with GPO \'s\n         various business units in support of the COOP program. COOP has worked\n         with Congressional Publishing Services to create fly-away kits for Congress.\n         These kits contain printing equipment and supplies for emergency printing of\n         enrolled bills. GPO\'s business units are developing individual COOP plans\n         that support and further define GPO\'s overall COOP plan.\n\x0cThe Honorable Charles E. Schumer - Page 6\n\n\n          Accomplishments during the most recent period included conducting the\n          largest, most complex COOP exercise in support of Congress, in August 2009.\n          The exercise included many first time participants and provided employees\n          and managers with the opportunity to experience working in a COOP\n          environment. The after-action report detailed areas for improvement and\n          retesting. GPO hosted its first National Preparedness Month fair, which more\n          than 300 employees attended. Employees learned about emergency\n          preparedness for their families, including how to develop a plan. GPO\'s\n          safety, police, and medical units provided information also. The Pan Flu\n          Committee continues to manage the pandemic flu situation. Various\n          departments have worked together to share resources and increase employee\n          awareness.\n\n      5. Internal Controls: Management concurs with KPMG\'s recommendations\n          regarding internal controls over financial information and is taking corrective\n          actions on:\n\n          \xe2\x80\xa2   Reporting of general property, plant, and equipment;\n          \xe2\x80\xa2   Reporting of passport work-in-progress inventory;\n          \xe2\x80\xa2   Compilation in management review of the consolidated financial\n              statements; and\n          \xe2\x80\xa2   Certain reconciliation controls.\n\n          As noted above, management and KPMG initially disagreed over the\n          estimated GPO liability for passport warranty cost for FY 2008. Management\n          now fully concurs with the KPMG recommendation regarding the review and\n          reporting of the passport product warranty liability.\n\n         Management concurs with the OIG\'s findings relating to accounts payable\n         service billings. During FY 10, all related standard operating procedures\n         (SOP\'s) will be reviewed. Current SOP\'s will be changed or new SOP\'s\n         written as appropriate.\n\n         Management previously concurred with KPMG\'s recommendations relating\n         to the processing of human capital information. HC has worked throughout\n         FY 09 to implement the following corrective actions:\n\n          \xe2\x80\xa2   A review of National Finance Center (NFC) access rights was conducted\n              in early 2008 and requests for access were modified based on HC roles\n              and responsibilities. HC staff conducts an online review and validates the\n              accuracy of each personnel action entered. At the time the audit was\n              conducted, this review was conducted by the HC staff member who\n              entered that document. However, with the implementation ofEmpowHR,\n\x0cThe Honorable Charles E. Schumer - Page 7\n\n\n              each personnel action is reviewed by either a HC specialist or senior HC\n              specialist. This review is tracked in EmpowHR, capturing the date and\n              time the action was accessed and what fields, if any were modified. HC\n              managers included accuracy as a measured goal in each HC assistant and\n              specialist performance plan in FY 09; employees are being measured\n              against these plans.\n\n          \xe2\x80\xa2   A process has been established and implemented that provides appropriate\n              controls over the use of the override code for the input of salanes that are\n              not on pay tables. This action is consistent with the KPMG audit\n              recommendation.\n\n          \xe2\x80\xa2   Additionally, in order to reduce the likelihood of errors and to improve the\n              level of service, a complete Quality Assurance review and analysis of all\n              HC transaction processing and customer services was requested. As a\n              result, GPO\'s organizational architects have begun a comprehensive\n              review and analysis of all HC transaction processing.\n\n          Management concurs with KPMG\'s recommendation on information\n          technology general controls. GPO\'s Information Technology and Systems\n          unit is developing a plan to address implementation of the recommendations.\n          The recommendations KPMG made will require additional resources to\n          implement. Therefore those needs will be coordinated with GPO\'s Planning\n          and Strategy Board for investment review and approval.\n\n      6. Security and Intelligent Documents: GPO\'s Security and Intelligent\n         Documents (SID) business unit continued to be the Federal Government\'s\n         leading provider of secure credentials and identity documents in two secure\n         production facilities located in Washington, DC, and Stennis, MS. During FY\n         09, in l!ddition to manufacturing more than 10.5 million passports for the\n         Department of State, SID also printed, personalized, and distributed more than\n         600,000 Trusted Traveler border crossing card credentials in support of the\n         Department of Homeland Security\'s Customs and Border Protection agency\n         from its new Secure Credential Center (SCC) located at the GPO central\n         office in Washington, DC, more than 45,000 Medicare identification\n         credentials used in Puerto Rico in support of a requisition from the\n         Department of Heath and Human Services, and more than 10,000 secure law\n         enforcement credentials to support the Capital Police during the Presidential\n         inauguration ceremonies.\n\n          During the second halfofFY 09, SID completed the rollout of the 5S Program\n          in both its DC and MS production sites and reported significant improvements\n          to the cleanliness and orderliness of the work places along with more efficient\n\x0cThe Honorable Charles E. Schumer - Page 8\n\n\n          and streamlined work flows. Additionally, SID completed the full\n          documentation of process work flows and production work instructions to\n          underpin a secure library that will provide a foundation for ISO 9000\n          certification.\n\n          Finally, SID continued to work toward the certifications required for\n          processing, personalizing, and distributing HSPD-12 compliant identification\n          credentials in the SCC with a target of April 2010 for capability rollout. This\n          certification will allow GPO\'s SCC to more comprehensively serve Federal\n          agencies in the area of secure credentials.\n\n      7. Protection of Sensitive Information: GPO has been working diligently to\n         address this challenge. For several months, and particularly within all the\n         organizations under the Chief Management Officer where the bulk of the PH\n         resides or is used, there has been a concerted effort to identify and locate all\n         PH within the records maintained in those offices, in both digital or hard copy\n         files. That effort has produced a comprehensive assessment of where the PH\n         resides, how it is needed and used to accomplish the mission, and what\n         controls are in place to protect the PH from inadvertent or malicious\n         disclosure. Where needed, controls have been enhanced. Employees are\n         continuing to be trained to recognize and protect sensitive information. In\n         addition, steps have been taken to eliminate or reduce the need for PH except\n         where it would frustrate the achievement of a needed task or operation.\n\n          In addition to addressing the PH that may be maintained within agency\n          records, there has been a similar effort to review all print contracts that\n          involve the receipt or handling of PH. It is and has been GPO\'s practice to\n          include in all such contracts provisions that impose on the contractor an\n          obligation to safeguard any PH that comes to it in the course of performance\n          on its contract. GPO is working to enhance existing controls to prevent any\n          deviations from this practice.\n\n          At the same time, GPO has been developing an internal directive that will\n          mandate that a series of steps be taken to enhance the policies for addressing\n          this issue in a comprehensive manner. As part of this agency-wide effort, a\n          Privacy Officer is to be appointed, who will be assisted by a program manager\n          reporting to the Privacy Officer. We expect to be able to share the final draft\n          of this directive with the OIG in December 2009.\n\n      8. Information Technology and Systems (IT&S) Management: GPO successfully\n         established an Enterprise Architecture program, which has brought value to\n         investment and technical strategy decisions at the agency. This has also\n\x0cThe Honorable Charles E. Schumer - Page 9\n\n\n          improved communication flow with business units at GPO on IT systems,\n          technology and investments.\n\n          GPO continues to work to comply with the Federal Information Security\n          Management Act of2002 (FISMA), and made progress in FY 09. When the\n          OIG identifies gaps in GPO\'s systems, those items are considered as high-\n          priority action items within IT&S. As a result ofthese audits and IT&S\n          activities, compliance was enhanced this year and continues to improve.\n\n          Significant enhancements to GPO \'s Federal Digital System (FDsys) were\n          implemented during FY 09, which included the addition of many new\n          collections: In addition, progress was made toward the establishment of a\n          failover system for FDsys in the legislative branch alternate computing\n          facility. GPO continued to take action on the steps necessary to allow the\n          eventual sunset of GPO Access, working in close consultation with\n          congressional and other stakeholders. GPO enhanced its services to Congress\n          with respect to document authentication during FY 09 in that congressional\n          Bills are now digitally signed and authenticated as they are posted online to\n          FDsys and GPO Access. Modifications to GPO\'s Public Key Infrastructure\n          (PKI) capability were successfully implemented during the year to include\n          generation capability for certificates supporting HSPD-12/PIV cards, thereby\n          continuing to provide a full set of Federal PKI services and capabilities that\n          are important in the Shared Service Provider (SSP) arena.\n\n          GPO\' s launch of GBIS represents a significant step forward in transitioning\n          GPO\'s critical financial information systems onto new and sustainable\n          technology. Both FDsys and GBIS were supported with independent\n          verification and validation (IV&V) activities coordinated with the OIG.\n          IV& V activities are anticipated for the future activities on FDsys, but may not\n          be required for GBIS since future GBIS development activities will consist of\n          incremental enhancements.\n\n      9. Business Development and Customer Service: Management concurs with the\n         OIG and continues to make progress is this area. Print Procurement has\n         undertaken an extensive business process redesign aimed at responsiveness to\n         the 21 st century needs of our customers. SOP\'s will improve consistency and\n         hence the quality of customer service regardless of what team or individual\n         within GPO is providing it. Implementations will continue throughout the\n         current fiscal year.\n\n          GPO has additional initiatives aimed at improving business development and\n          service for our customer agencies. These initiatives include creating and\n\x0cThe Honorable Charles E. Schumer - Page 10\n\n\n          staffing a specialized marketing function and building a foundation for\n          improved sales coverage and customer focus.\n\n          A significant improvement in customer service was made during this reporting\n          period. Print Procurement incorporated a GPS tracking system into operations\n          to monitor the location of messenger vehicles and make en-route adjustments\n          to better serve our customers . . Print Procurement in collaboration with other\n          GPO business lines is developing an automated Standard Form 1 (SF -I) to be\n          used by customer agencies to requisition printing. It is also building a\n          communication and status (COMSTAT) center to track the status of customer\n          jobs. Both ofthese initiatives should be completed by early 2010.\n\n      10. Acquisitions: Management concurs with the OIG and continues to make\n          progress is this area. Following the model established in the Services\n          Acquisition Reform Act of2003, GPO\'s Acquisitions Services (AS) has\n          adopted the training for acquisition professionals as offered by the Federal\n          Acquisition Institute (FAI). This program was fully implemented in FY 08.\n          To date, all AS contracting officers are Level I certified; 90% of all AS\n          contracting officers PG-12 and above are Level II certified; and 85% of the\n          Senior Acquisition staff PG-14 and above are Level III certified. Working\n          with GPO\'s Workforce Development office, the F AI -equivalent training is\n          being provided to employees onsite. Currently, all classes are offered at GPO\n          with both AS and Printing Procurement contracting officers enrolled in the\n          training.\n\n          In an effort to retain talent in acquisitions, management has worked with HC\n          to review contract specialist position descriptions and to fill jobs, when\n          applicable, using a career ladder format, i.e. PG-9/11112; PG-12/13; PG-\n          13/14.\n\n          AS has included in its performance goal for FY 10 to undergo an independent\n          assessment of AS. This assessment will consist of surveying key business\n          unit stakeholders and acquisition staff members to determine strengths,\n          weaknesses, and risks and identify areas for improvement.\n\nII.    Audits and Inspections. During the reporting period, the OIG issued 6 new\n       audit and assessment reports, with recommendations to help improve operational\n       performance:\n\n      \xe2\x80\xa2   Oracle Database Security for GPO\'s Passport Printing and Production\n          System (Audit Report 09-09, July 16, 2009). This was an audit to evaluate\n          security configurations for the Oracle databases supporting production of\n\x0c                                                                                           .- --,   -- ";;\'- \' -- .:. :~\'\n\n\n\n\nThe Honorable Charles E. Schumer - Page II\n\n\n          passports. The report contained recommendations to strengthen passport\n          production security and reduce the risk of system compromise.\n\n      \xe2\x80\xa2   GPO PKi Certification Practices Statement Conformity with the Federal PKi\n          Common Policy Framework and the GPO Certificate Policy - Attestation\n          Report (Assessment Report 09-10, September 23,2009). This assessment\n          concluded that GPO\'s certification practices statement conforms with the\n          Federal PKI common policy framework and GPO\'s certification policy. This\n          assures Federal agencies that GPO is a qualified PKI service provider\n          operating under the Federal common PKI common policy framework.\n\n      \xe2\x80\xa2     WebTrust Assessment a/GPO\'s Public Key Infrastructure Certification\n            Authority -Attestation Report (Assessment Report 09-11, September 23,\n            2009). This assessment resulted in an unqualified, or clean, opinion that\n          . GPO\'s management assertion related to the adequacy and effectiveness of\n            controls over its PKI certification authority operations is, in all material\n           respects, fairly stated based on the American Institute of Certified Public\n           Accountants WebTrust for certification authorities criteria. This assessment\n            further assures Federal agencies of GPO\'s status as a qualified PKI service\n           provider.\n\n      \xe2\x80\xa2   Federal Digital System (FDsys) Independent Verification and Validation\n          (IV&V) - Seventh Quarter Report on Risk Management, Issues, and\n          Traceability (Assessment Report 09-12, September 30,2009). This\n          assessment continued the ongoing IV& V evaluation associated with the\n          development of FDsys. This evaluation provides quarterly observations and\n          recommendations on the FDsys program\' s technical, schedule, and cost risks,\n          as well as related issues. This quarterly report included mUltiple\n          recommendations designed to improve FDsys program management with\n          which management generally concurred, with the exception of one.\n          Regarding that recommendation, the FDsys program management office\n          (PMO) concurs that system issues identified during user acceptance testing\n          (UAT) should be entered as program tracking reports (PTR\'s). The PMO\n          received various comments during the UAT process. Some of these comments\n          were issues with the system. These issues were entered as PTR\' s. Other\n          comments received were previously identified issues or were not actual issues\n          with the system. These comments were not entered as PTR\'s. The PMO\n          evaluated all responses received and entered PTR\'s for any issue that was\n          actually a system issue. The PMO concurs that UAT reports results and\n          resolutions should be disseminated to participants.\n\n      \xe2\x80\xa2   Accounts Payable Service Billings (Audit Report 09-13, September 30, 2009).\n          This audit identified measures to improve controls over accounts payable,\n\x0cThe Honorable Charles E. Schumer - Page 12\n\n\n          including GPO\'s processes and procedures for invoice payment. Management\n          has concurred with the audit report\'s recommendations and has planned\n          responsive corrective actions.\n\n      \xe2\x80\xa2   GPO\'s Workers\' Compensation Programs (Audit Report 09-14, September\n          30, 2009). This audit evaluated the adequacy of controls over GPO\'s\n          Workers\' Compensation Program as established by the Federal Employees\'\n          Compensation Act and administered by the Department of Labor. The audit\n          concluded that GPO\'s program is being operated in accordance with\n          appropriate Federal guidelines, regulations, and directives, and that there have\n          been major improvements in program performance since the last audit in\n          2002, including a reduction in workers\' compensation benefits paid on GPO\'s\n          behalf and a decrease in GPO workers\' compensation claimants. However,\n          the report also included recommendations for procedural and policy\n          improvements to further enhance and strengthen GPO\'s Workers\'\n          Compensation Program. Management has concurred with these\n          recommendations and will take responsive actions.\n\n      FDsys IV &V. Management has the following response to the OIG\'s comments\n      on FDsys IV&V findings:\n\n      \xe2\x80\xa2   Functionality. As GPO approached the launch ofFDsys, we determined that\n          the lowest risk approach would be to phase in functionality (starting with\n          access to publications and followed by submission of publication) and phase\n          in collections (starting with the most frequently accessed publications).\n          Therefore we agree that the actual functionality is less than originally planned,\n          but the approach we have taken has reduced our risk while we complete\n          planned functionality.\n\n      \xe2\x80\xa2   Public. Beta. GPO management accepted the position to rollout FDsys in a\n          public beta structure early in calendar 2009. By executing the launch in this\n          way, we have had the opportunity to discover performance issues and resolve\n          them without affecting GPO\'s integrity to provide uninterrupted access\n          Federal publications. The redesign discussed in the IV & V language was a\n          change to better optimize the performance of Documentum elements within\n          FDsys, and redistribute content processing functionality to a more scalable\n          structure outside ofthe Documentum framework. This change was a result of\n          performance issues encountered while processing the History of Bills\n          collection and the Congressional Record Index collection, two very large and\n          complex sets of data. The end result was enhanced performance without\n          disruption to access to existing publications.\n\x0cThe Honorable Charles E. Schumer - Page 13\n\n\n          Utilizing this strategy has allowed the FDsys team to make system\n          enhancements as required without significant disruptions in service. Further,\n          GPO has established stringent and high-integrity guidelines for making FDsys\n          the system of record. These guidelines include completing the migration of\n          GPO Access content into FDsys and establishing a tested, offsite backup\n          instance. Content migration is progressing and the backup instance is being\n          built now and will be operational in FY 10, allowing FDsys to become the\n          system of record, initiating the sunset process for GPO Access.\n\n      \xe2\x80\xa2   Cost. When the initial cost estimates were developed for FDsys in late 2004,\n          only a concept of operations was available, with the development of\n          functional requirements just starting. The first version of the functional\n          requirements was not released until May 2005. Nonetheless, an estimate was\n          established for the development ofFDsys. This estimate did not take into\n          account the total cost associated with migrating content from GPO Access to\n          FDsys, which proved to be more time consuming and costly than we\n          anticipated. Originally, in late 2004, GPO decided to establish a backup\n          capability for GPO Access that included hosting GPO Access content offsite\n          in an alternate (non-WAIS) data structure, and data migration activities were\n          underway to support this initiative. Our plan was to utilize this data migration\n          work and use it to move GPO Access content into FDsys. Unfortunately, the\n          data migration activity did not result in a sufficiently robust transformation of\n          the GPO Access content, and additional work was required.\n\n          GPO concurs that the cost of Release I to date has exceeded the original\n          estimate. However, the original planned cost of approximately $16 million\n          for Release 1 concentrated on system functionality, and did not include all of\n          the costs we subsequently encountered with developing and integrating the\n          software code required to support data migration.\n\n      \xe2\x80\xa2   Content in System. GPO concurs that not all collections are available in the\n          system. GPO chose to make difficult, high demand collections available\n          rather than to work on easier but less in demand collections. As a result,\n          based not only on the number of collections but on usage statistics, volume,\n          and other measures, the vast majority of the high-demand content is currently\n          available in FDsys. This content will be further augmented once the Code of\n          Federal Regulations is ingested by the end of2009, with the remaining\n          content to follow.\n\n      \xe2\x80\xa2   System ofRecord. GPO concurs that FDsys is not yet the system of record.\n          GPO has determined that criteria other than just "all content in FDsys" be met\n          before FDsys can become the system of record. Logical activities such as\n          establishing COOP capability, testing, and user training must also be\n\x0cThe Honorable Charles E. Schumer - Page 14\n\n          completed to ensure the success of FDsys. As indicated above, the FDsys\n          team is working diligently to ensure that FDsys becomes the system of record\n          in FY10.\n\n      \xe2\x80\xa2   Schedule. As the IV& V report indicates, FDsys functionality was delivered\n          behind schedule. However, the root cause of this delay can be traced to issues\n          with our Master Integrator (MI). While most of the work done with the MI is\n          being used by FDsys, the fact is that these issues significantly delayed the\n          initial production version ofFDsys. By realigning the program and taking\n          control of the integration of FDsys, we believe the FDsys team has taken the\n          steps necessary to deliver this system as quickly and as cost effectively as\n          possible.\n\n      Other DIG Audits and Inspections. During the reporting period, KPMG began\n      work on the audit of GPO\'s FY 09 financial statements, pursuant to a multiyear\n      contract. The OIG serves as the contracting officer\' s technical representative in\n      the conduct of this work.\n\n      Prior Period Outstanding Recommendations. As required by law, this section\n      summarizes management\'s actions to address OIG recommendations still\n      outstanding from previous reporting periods, based on a report generated by\n      GPO\'s Office of Quality Assurance:\n\n      \xe2\x80\xa2   GPO Network Vulnerability Assessment (Assessment Report 06-02, March 2B,\n          2006). The two remaining recommendations have been resolved but will\n          remain open pending management\'s completion of agreed to corrective\n          actions.\n\n      \xe2\x80\xa2   Report on GPO\'s Compliance with the Federal Information Security\n          Management Act (FISMA) (Assessment Report 07-09, September 27, 2007).\n          Four of the seven remaining recommendations have been resolved and 3 have\n          been partially resolved. Management continues to work toward implementing\n          corrective actions for the seven open recommendations.\n\n      \xe2\x80\xa2   GPO Network Vulnerability Assessment (Assessment Report OB-OI, November\n          1,2007). One of the two remaining recommendations has been resolved and\n          the other is partially resolved; both remain open pending completion of the\n          network device replacement project.\n\n      \xe2\x80\xa2   Operating System Security for GPO \'s Passport Printing and Production\n          System (Assessment Report 08-06, March 31, 2008). NTLMv2 is supported\n          by all operating systems in use in passport production. Therefore, enabling\n          this feature should present no significant operational risk. Management\n          continues to work on closing this recommendation.\n\x0cThe Honorable Charles E. Schumer - Page 15\n\n\n      \xe2\x80\xa2   Diversity Management Programs at GPO (Audit Report 08-10, September 11,\n          2008). Two recommendations remain open. As the OIG\'s report states,\n          management has begun implementing the remaining essential elements of the\n          Equal Employment Opportunity Commission\'s Management Directive 715\n          and the leading diversity management practices identified by the Government\n          Accountability Office.\n\n      \xe2\x80\xa2   Assessment of GPO\'s Transition Planningfor Internet Protocol Version 6\n          (Assessment Report 08-12, September 30,2008). Management has either\n          planned or taken responsive corrective action to the one remaining\n          recommendation.\n\n      \xe2\x80\xa2   Federal Digital System (FDsys) Independent Verification and Validation\n          (IV& V) - Fourth Quarter Report on Risk Management, Issues, and\n          Traceability (Assessment Report 09-01, November 4,2008). The three\n          remaining recommendations are resolved but will remain undispositioned and\n          open for reporting purposes until corrective actions are completed.\n\n      \xe2\x80\xa2   Audit of GPO\'s Passport Printing Costs (Audit Report 09-02, December 22,\n          2008). One of the three remaining recommendations is resolved pending\n          finalization of the 5-year capital investment plan for passports, and\n          management has planned actions that are responsive to the other two\n          recommendations.\n\n      \xe2\x80\xa2   Federal Digital System (FDsys) Independent Verification and Validation\n          (IV& V) - Fifth Quarter Report on Risk Management, Issues, and Traceability\n          (Assessment Report 09-03, December 24,2008). Management\'s proposed\n          actions are responsive to and resolve the four remaining recommendations.\n          The recommendations remain open until the actions are verified by the IV&V\n          team ..\n\n      \xe2\x80\xa2   Federal Digital System (FDsys) Independent Verification and Validation\n          (IV& V) - Security Analysis Report (Assessment Report 09-04, December 24,\n          2008). Management\'s proposed actions are responsive to and resolve the\n          three remaining recommendations. The recommendations remain open until\n          the actions are verified by the IV&V team.\n\n          Federal Digital System (FDsys) Independent Verification and Validation\n          (IV& V) - Sixth Quarter Report on Risk Management, Issues, and Traceability\n          (Assessment Report 09-07, March 20,2009). The three remaining\n          recommendations are resolved but will remain open pending review by the\n          IV&Vteam.\n\x0cThe Honorable Charles E. Schumer - Page 16\n\n\n       \xe2\x80\xa2     Oracle E-Business Suite Release 2 Independent Verification and Validation\n             (IV&V) - Technical (Assessment Report 09-08, March 31, 2009). The\n             actions taken and proposed are responsive to and resolve one remaining\n             recommendation, but it will remain open until the IV& V team reviews the\n             documented plan and observes post implementation support.\n\nIII.   Investigations. During the reporting period, the OIG performed investigative\n       work on workers\' compensation fraud, procurement fraud, employee misconduct,\n       and other matters. A principle highlight was the investigation of GPO\'s\n       publication and online posting of House Document 111-37, describing, among\n       other things, nuclear activities at various sites in the United States. While the\n       investigation found no wrongdoing on the part of GPO, it contained a number of\n       recommendations to help identify and prevent unwanted disclosures of sensitive\n       information. GPO will implement these recommendations. The OIG\'s report was\n       also made available to the GAO in its investigation of the dissemination of\n       H.Doc. 111-37 as requested by the Speaker of the House of Representatives.\n       During the reporting period, the OIG issued a report of investigation that\n       disclosed that four employees made false statements during the conduct of their\n       employment; as a result, GPO has issued notices to the employees of its intent to\n       terminate their employment. The OIG also completed its program of providing\n       training on procurement fraud to GPO\'s regional offices nationwide. These\n       activities demonstrated the value of OIG investigators in protecting GPO from\n       waste, fraud, and abuse.\n\nIV.    Statistical Tables.\n\n       Statistical tables as required by law are enclosed.\n\nIf you need additional information with respect to this report, please do not hesitate to\ncontact Mr. Andrt<w M. Sherman, Director of Congressional Relations, on 202-512-1991,\nor bye-mail at asherman@gpo.gov.\n\nSincerely,\n\n\n\nROBERT C. TAPELLA\nPublic Printer\n\nEnclosures\n\x0cThe Honorable Charles E. Schumer - Page 17\n\n\ncc:   The Honorable Robert Brady, Vice Chairman\n      The Honorable Dan Lungren, Ranking Minority Member\n      The Honorable Patty Murray\n      The Honorable Tom Udall\n      The Honorable Robert Bennett\n      The Honorable Saxby Chambliss\n      The Honorable Michael Capuano\n      The Honorable Susan A. Davis\n      The Honorable Kevin McCarthy\n\x0cENCLOSURE I\n\n                   STATISTICAL TABLE FOR SECTION S(b)(2) - DISALLOWED COSTS\n\n                                                         Number of        Disallowed Costs\n                                                        Audit Rel20rts Questioned UnSUI2I20rted\nA.      Audit reports for which final action I had\n        not been taken by the commencement\n        of the reporting period                                0               0           0\n\n        Audit reports issued during the period\n        with potential disallowed costs                        0               0           0\n\n        Total Costs                                            0               0            0\n\nB.      Audit reports on which management\n        decisions\' were made during the\n        reporting period\n\n        ( i.)   Dollar value of disallowed costs              0            0               0\n\n       (ii.)    Dollar value of allowed costs                 0            0               0\n\nC.     Audit reports for which final action\n       was taken during the period, including:\n\n       ( i.)    Dollar value of disallowed costs               0           0               0\n                that were recovered by management\n                through offsets against other\n                contractor invoices or nonpayment\n\n       (ii. )   Dollar value of disallowed costs               0           0               0\n                that were written off by management\n\nD.     Audit reports for which no final                        0           0               0\n       action has been taken by the end\n       of the reporting period\n\n\n\n\nI As defined by law, the term "final action" means the completion of all actions that the management of\nan establishment has concluded, in its management decision, are necessary with respect to the findings\nand recommendations included in an audit report, and in the event that the management concludes no\naction is necessary, final action occurs when a management decision has been made.\n2 As defined by law, the term "management decision" means the evaluation by management of the\nfindings and recommendations included in an audit report and the issuance of a final decision by\nmanagement concerning its response to such findings and recommendations, including actions concluded\nto be necessary.\n\x0cENCLOSURE II\n\n\n       STATISTICAL TABLE FOR SECTION 5{b}{3}- FUNDS PUT TO BETTER USE\n                   AGREED TO IN A MANAGEMENT DECISION\n\n                                                          Number of       Dollar Value of\n                                                          Audit ReQorts   Recommendations\nA.        Audit reports for which final action3 had\n          not been taken by the commencement of\n          the reporting period                                   0                   0\n\n          Audit reports for which final action had\n          not been taken for new reports issued\n          during the reporting period with potential\n          funds put to better use\n                                                                0                    0\nB.        Audit reports on which management\n          decisions4 were made during the reporting\n          period                                                0                    0\n\nC.        Audit reports for which final action was\n          taken during the reporting, including:\n\n          ( i.)    Dollar value of recommendations\n                   that were actually completed                 0                    0\n\n          (ii.)   Dollar value of recommendations\n                  that management has subsequently\n                  concluded should not or could not\n                  be implemented or completed                   0                    0\n\nD.        Audit reports for which no final action has\n          been taken by the end of the reporting period         0                    0\n\n\n\n\n3   Same definition as in Enclosure I.\n4   Same definition as in Enclosure I.\n\x0c'